Does an AR support the mapping of consecutive port numbers

15

An AR supports the mapping of consecutive port numbers with restrictions: A public IP address can only be configured in the nat server command once. If it is configured in another nat server command, the system displays a message indicating that the previous configuration will be overwritten.


1. Create an ACL to match the ports to be mapped.
[Huawei] acl number 3001
[Huawei] rule 5 permit tcp destination-port range 1 4000


2. Configure a NAT server without specifying the internal and external port numbers, and reference ACL 3001.
[Huawei] interface GigabitEthernet0/0/1
[Huawei-GigabitEthernet0/0/1] nat server global 202.1.22.3 inside 192.168.2.22 acl 3001


This method completes the mapping of consecutive port numbers (intranet ports matching an ACL rule are mapped to the same ports on the public network) without the need to configure port mapping one by one using the nat server command.


202.1.22.3 inside 192.168.2.22 acl 3001

Other related questions:
Does an AR support load balancing when multiple ports are mapped to the intranet server
You can run the load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-dst-mac } command to implement load balancing when multiple ports are mapped to the intranet server on an AR.

Whether the USG6000 supports many-to-many port mapping
Whether the USG6000 supports many-to-many port mapping: This function is not supported temporarily.

Can the AR router implement one-to-one mapping of multiple port numbers?
AR router can configure NAT static and NAT port to achieve one to one mapping. For example: NAT server TCP global 1.1.1.2 21 inside 10.3.0.30 21 server.

Configure port mapping on an AR router
Configure port mapping on an AR router. Port mapping is implemented based on ACLs. The application layer protocols that port mapping supports include FTP, DNS, HTTP, SIP, PPTP, and RTSP. Generally, the application layer protocols use well-known ports for communication. Port mapping allows users to define a group of new port numbers for different application layer protocols, reducing the risk of malicious attacks on a service. Port mapping makes senses only when it is used in conjunction with service-sensitive features such as ASPF and NAT. 1. Run the port-mapping { dns | ftp | http | sip | rtsp | pptp } port port-number acl acl-number command in the system view to configure port mapping globally. A protocol can be configured with multiple mapped ports, and a port can be mapped to multiple protocols. The ports must be distinguished based on ACLs. Different mapping relationships are applied to packets matching different ACLs. Actually, port mapping identifies protocols used by packets destined for a specific IP address (for example, WWW server). When trying to match the packets with basic ACL rules, port mapping matches the destination IP addresses in the packets with the source IP addresses defined in the ACL rules. 2. Run the display port-mapping [ dns | ftp | http | rtsp | sip | port port-number | pptp ] command to check the information about port mapping. An example of configuring port mapping is as follows: [Huawei] port-mapping ftp port 2121 acl 2102 //Configure port mapping on a router. [Huawei] display port-mapping ftp //Check the configuration result. For details about configuration of port mapping on AR routers, see the URL: AR router configuration port-mapping .

Whether the intranet port number and extranet port number can be the same in port mapping mode on the USG6000 series
They can be the same or different.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top